[Bug 603703] Re: [Security] opensc OpenSC stores private data without proper access restrictions - CVE-2009-0368

Tue, 13 Jul 2010 06:11:43 -0700 

This bug was fixed in the package opensc - 0.11.4-5ubuntu1.1

---------------
opensc (0.11.4-5ubuntu1.1) jaunty-security; urgency=low

  * SECURITY UPDATE: Fix insecure profile handling (LP: #603703)
  - modified src/pkcs15init/asepcos.profile, src/pkcs15init/cardos.profile,
    src/pkcs15init/cyberflex.profile, src/pkcs15init/flex.profile,
    src/pkcs15init/gpk.profile, src/pkcs15init/incrypto34.profile,
    src/pkcs15init/jcop.profile, src/pkcs15init/muscle.profile,
    src/pkcs15init/pkcs15-lib.c, src/pkcs15init/starcos.profile: Backport fix
    from upstream svn#3605. Fixes improper handling of private data in profiles
  - modified etc/opensc.conf.in, src/pkcs11/misc.c: Change the defaults of
    lock_login and soft_keygen_allowed to prevent untrusted applications
    from using the smartcard and preventing unexpected client side key
    generation.
    Patches provided by Debian in Lenny (DSA-1734-1)
  - CVE-2009-0368
 -- Brian Thomason <[email protected]>   Fri, 09 Jul 2010 13:55:29 
-0400

** Changed in: opensc (Ubuntu Jaunty)
       Status: Fix Committed => Fix Released

-- 
[Security] opensc OpenSC stores private data without proper access restrictions 
- CVE-2009-0368
https://bugs.launchpad.net/bugs/603703
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to